©2016 Patrick Tague 1
Wireless Network Security, Spring 2016
Patrick Tague
Class #21 – Telecom Security & Privacy
Class #21
• Original security goals in mobile networks
• (Possible) future security goals in mobile networks
• Several open research areas
Let's talk about mobile networks
2G GSM/CDMA Architecture
(architecture diagram, adapted from [M. Stepanov; http://www.gsm-security.net/])
– Mobile Stations: handsets, each holding a SIM
– Base Station Subsystem: several BTS per BSC
– Exchange System: MSC, VLR
– Subscriber and terminal equipment databases: HLR, EIR, AUC
– Network Management: OMC
2G GSM Security
• Secure access
– User authentication for billing and fraud prevention
– Uses a challenge/response protocol based on a subscriber-specific authentication key (Ki, held by the SIM and by the HLR/AUC)
– Authentication is one-way: the network authenticates the subscriber, but the SIM has no way to verify that it is talking to the real network
• Control and data signal confidentiality
– Protect voice, data, and control (e.g., dialed telephone numbers) from eavesdropping via radio link encryption (key establishment is part of auth)
• Anonymity
– Uses temporary identifiers (TMSI) instead of the subscriber ID (IMSI) to prevent tracking users or identifying calls
3G Evolution
• The move from 2G to 3G primarily included:
– Support for mobile data at (near-)broadband rates
• UMTS, TD-CDMA, WCDMA, CDMA-3xRTT, TD-SCDMA, HSDPA, HSUPA, HSPA, HSPA+
– Improved security protocols
• Because everything in 2G was broken several ways (one-way authentication, weak and originally secret A5 ciphers, no integrity protection of signaling)
(image from [VZW “CDMA Network Security” whitepaper])
3G Security Enhancement
• 3G security model builds on GSM
• Protection against active attacks
– Integrity mechanisms to protect critical signaling
– Enhanced (mutual) authentication w/ key freshness: the MS verifies an authentication token (AUTN) computed by the home network, so a rogue base station that does not know the subscriber key is rejected
• Enhanced encryption
– Stronger (public) algorithm, longer keys (128-bit CK/IK in place of GSM's 64-bit Kc)
– Encryption deeper into the network (terminates at the RNC rather than at the BTS)
• Core security – signaling protection
• Potential for secure global roaming (3GPP auth)
Authentication & Key Gen.
(message flow between SIM/MS, MSC/VLR and HLR/AUC)
– MS → VLR → HLR/AUC: Authentication Request
– AUC runs the 3G Auth Suite on K, a fresh RAND and its sequence number SQNhe, producing XRES, CK, IK and AUTN
– AUC → VLR: {RAND, XRES, CK, IK, AUTN}
– VLR → MS: {RAND, AUTN}
– SIM runs the 3G Auth Suite on K and RAND, checks AUTN (its MAC, and its sequence number against the SIM's own SQNms), and derives RES, CK, IK
– MS → VLR: RES, Auth FAIL, or SQN FAIL
– VLR checks RES = XRES ?
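The exchange in the flow above, as an added example that is not part of the original slides or of any 3GPP reference code. The three roles (AuC, VLR, USIM) are modelled as Python objects; the output sizes of f1..f5 follow TS 33.102, but the functions themselves are assumed HMAC-SHA256 stand-ins rather than MILENAGE, the USIM keeps a single highest-accepted SQN instead of the sequence-number window the standard allows, the all-zero AMF* used for MAC-S is assumed, and the subscriber key K is constructed. The demo runs the happy path and then the three failure modes on the slide: a replayed vector (SQN FAIL, with the AUTS resync token), a tampered AUTN (Auth FAIL), and a rogue network that does not know K.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def _prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Keyed PRF behind the f1..f5 stand-ins (HMAC-SHA256, domain-separated by label).
    ASSUMPTION: these are illustrative stand-ins, not MILENAGE."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


# Output lengths per TS 33.102: MAC 64 bits, RES 64 bits, CK/IK 128 bits, AK 48 bits.
def f1(k, sqn, rand, amf):  return _prf(k, b"f1", sqn, rand, amf)[:8]    # MAC-A
def f1s(k, sqn, rand, amf): return _prf(k, b"f1*", sqn, rand, amf)[:8]   # MAC-S (resync)
def f2(k, rand):            return _prf(k, b"f2", rand)[:8]              # RES / XRES
def f3(k, rand):            return _prf(k, b"f3", rand)[:16]             # CK
def f4(k, rand):            return _prf(k, b"f4", rand)[:16]             # IK
def f5(k, rand):            return _prf(k, b"f5", rand)[:6]              # AK (masks SQN)
def f5s(k, rand):           return _prf(k, b"f5*", rand)[:6]             # AK* (resync)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class AuthVector:
    rand: bytes
    xres: bytes
    ck: bytes
    ik: bytes
    autn: bytes          # (SQN xor AK) || AMF || MAC


class AuC:
    """HLR/AuC side: holds K and the per-subscriber counter SQNhe."""
    def __init__(self, k: bytes):
        self.k, self.sqn_he = k, 0

    def generate_av(self, amf: bytes = b"\x00\x00") -> AuthVector:
        rand = os.urandom(16)
        self.sqn_he += 1                             # fresh sequence number per vector
        sqn = self.sqn_he.to_bytes(6, "big")
        mac = f1(self.k, sqn, rand, amf)
        autn = xor(sqn, f5(self.k, rand)) + amf + mac
        return AuthVector(rand, f2(self.k, rand), f3(self.k, rand), f4(self.k, rand), autn)


class USIM:
    """MS side: holds K and SQNms, the highest sequence number accepted so far
    (simplification of the standard's sequence-number window)."""
    def __init__(self, k: bytes):
        self.k, self.sqn_ms, self.ck, self.ik = k, 0, None, None

    def respond(self, rand: bytes, autn: bytes):
        sqn_ak, amf, mac = autn[:6], autn[6:8], autn[8:16]
        sqn = xor(sqn_ak, f5(self.k, rand))          # unmask SQN with AK
        xmac = f1(self.k, sqn, rand, amf)
        if not hmac.compare_digest(xmac, mac):       # network failed to prove knowledge of K
            return "MAC_FAILURE", None
        if int.from_bytes(sqn, "big") <= self.sqn_ms:    # replayed or stale vector
            sqn_ms = self.sqn_ms.to_bytes(6, "big")
            amf_star = b"\x00\x00"                   # ASSUMED fixed AMF* for MAC-S
            auts = xor(sqn_ms, f5s(self.k, rand)) + f1s(self.k, sqn_ms, rand, amf_star)
            return "SYNC_FAILURE", auts              # AUTS lets the AuC resynchronise SQNhe
        self.sqn_ms = int.from_bytes(sqn, "big")
        self.ck, self.ik = f3(self.k, rand), f4(self.k, rand)
        return "RES", f2(self.k, rand)


def vlr_authenticate(av: AuthVector, usim: USIM) -> str:
    """MSC/VLR side: forwards {RAND, AUTN} and compares RES against XRES from the vector."""
    status, payload = usim.respond(av.rand, av.autn)
    if status != "RES":
        return status
    return "OK" if hmac.compare_digest(payload, av.xres) else "AUTH_FAILURE"


def run_demo() -> dict:
    k = bytes(range(16))                             # constructed subscriber key K
    auc, usim = AuC(k), USIM(k)
    av = auc.generate_av()
    out = {"fresh": vlr_authenticate(av, usim),
           "keys_agree": usim.ck == av.ck and usim.ik == av.ik}
    out["replayed"] = vlr_authenticate(av, usim)     # same vector a second time -> SQN FAIL
    av2 = auc.generate_av()
    tampered = AuthVector(av2.rand, av2.xres, av2.ck, av2.ik,
                          av2.autn[:-1] + bytes([av2.autn[-1] ^ 0x01]))   # flip a MAC bit
    out["tampered_autn"] = vlr_authenticate(tampered, usim)
    out["rogue_network"] = vlr_authenticate(AuC(bytes(16)).generate_av(), usim)  # wrong K
    return out


if __name__ == "__main__":
    print(run_demo())
```

The MAC check is what 2G lacked: a rogue BTS can send any RAND to a GSM SIM and get a valid SRES back, whereas here an AUTN built without K is rejected before the USIM reveals anything. The SQN check is what turns a captured, genuine authentication vector into a one-shot credential.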
Enhanced Confidentiality
(diagram: sender and receiver each run f8 under CK with inputs {COUNT, BEARER, DIR, LEN}; the sender XORs the Keystream with Plaintext to get Ciphertext, and the receiver XORs the same Keystream with the Ciphertext to recover Plaintext)
• f8 is one mode of KASUMI, based on MISTY cipher
– Externally reviewed (positively), published, broken
– Caveat: the break is a related-key attack on KASUMI (Dunkelman, Keller and Shamir, 2010); it does not translate into a practical attack on f8/f9 as deployed, where the attacker cannot obtain related keys, but it leaves little margin
– Caveat: f8 is a stream cipher, so {CK, COUNT, BEARER, DIR} must never repeat; a repeated COUNT under the same CK reuses keystream and leaks the XOR of the two plaintexts
Enhanced Integrity
(diagram: sender runs f9 under IK over {COUNT, FRESH, DIR, LEN, MSG} to produce MAC-I and sends MSG, MAC-I; receiver recomputes XMAC-I from the same inputs and checks MAC-I = XMAC-I ?)
• f9 is another mode of KASUMI
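The f8 and f9 constructions from the two slides above, as an added example that is not code from the original slides or from 3GPP. The wiring follows TS 35.201 (key modifiers KM, the COUNT||BEARER||DIR header for f8, the CBC-MAC-style chain with a final IK^KM block for f9), but since KASUMI is not in the Python standard library the 64-bit block function is an assumed HMAC-SHA256 stand-in; only that one function would change to use the real cipher. The CK, IK and message bytes are constructed. The demo shows the round trip, the MAC check rejecting a one-bit forgery, and the keystream-reuse hazard when COUNT is repeated.

```python
import hashlib
import hmac

KM_F8 = bytes([0x55] * 16)    # key modifier constants from TS 35.201
KM_F9 = bytes([0xAA] * 16)


def kasumi_standin(key: bytes, block: bytes) -> bytes:
    """ASSUMED stand-in for KASUMI[key](block): a keyed 64-bit PRF built from HMAC-SHA256.
    It only preserves the 128-bit key / 64-bit block interface; swap a real KASUMI in here."""
    assert len(key) == 16 and len(block) == 8
    return hmac.new(key, block, hashlib.sha256).digest()[:8]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def f8_keystream(ck: bytes, count: int, bearer: int, direction: int, length_bits: int) -> bytes:
    """f8: A = KASUMI[CK^KM](COUNT||BEARER||DIR||0^26);
    KSB_n = KASUMI[CK](A ^ BLKCNT_{n-1} ^ KSB_{n-1}); keystream = KSB_1||KSB_2||... cut to LENGTH."""
    header = (count << 32) | (bearer << 27) | (direction << 26)     # 32 + 5 + 1 + 26 bits
    a = kasumi_standin(xor(ck, KM_F8), header.to_bytes(8, "big"))
    ks, prev = bytearray(), bytes(8)                                 # KSB_0 = 0
    for n in range((length_bits + 63) // 64):
        prev = kasumi_standin(ck, xor(xor(a, n.to_bytes(8, "big")), prev))
        ks += prev
    ks = ks[:(length_bits + 7) // 8]
    if length_bits % 8:                                              # clear unused trailing bits
        ks[-1] &= (0xFF << (8 - length_bits % 8)) & 0xFF
    return bytes(ks)


def f8(ck: bytes, count: int, bearer: int, direction: int, data: bytes) -> bytes:
    """Encrypt and decrypt are the same operation: data XOR keystream."""
    return xor(data, f8_keystream(ck, count, bearer, direction, len(data) * 8))


def f9(ik: bytes, count: int, fresh: int, direction: int, message: bytes) -> bytes:
    """f9: chain A = KASUMI[IK](PS_i ^ A), B ^= A over COUNT||FRESH||MESSAGE||DIR||1||0*,
    then B = KASUMI[IK^KM](B); MAC-I is the leftmost 32 bits."""
    bits = f"{count:032b}{fresh:032b}" + "".join(f"{b:08b}" for b in message) + f"{direction:01b}1"
    bits += "0" * (-len(bits) % 64)
    a = b = bytes(8)
    for i in range(0, len(bits), 64):
        ps = int(bits[i:i + 64], 2).to_bytes(8, "big")
        a = kasumi_standin(ik, xor(ps, a))
        b = xor(b, a)
    return kasumi_standin(xor(ik, KM_F9), b)[:4]


def demo() -> dict:
    ck = bytes.fromhex("2bd6459f82c5b300952c49104881ff48")    # constructed CK
    ik = bytes.fromhex("d3c5d592327fb11c4035c6680af8c6d1")    # constructed IK
    msg1 = b"RRC CONNECTION SETUP COMPLETE"                   # constructed signaling messages
    msg2 = b"SETUP dialed=555-0100 (voice)"
    ct1 = f8(ck, count=7, bearer=3, direction=0, data=msg1)
    ct2_same_count = f8(ck, 7, 3, 0, msg2)                    # COUNT reused: same keystream
    ct2 = f8(ck, 8, 3, 0, msg2)                               # fresh COUNT: new keystream
    mac = f9(ik, count=7, fresh=0x1234ABCD, direction=0, message=msg1)
    forged = bytes([msg1[0] ^ 0x80]) + msg1[1:]               # attacker flips one bit
    n = min(len(msg1), len(msg2))
    return {
        "roundtrip": f8(ck, 7, 3, 0, ct1) == msg1,
        "keystream_reuse_leaks": xor(ct1[:n], ct2_same_count[:n]) == xor(msg1[:n], msg2[:n]),
        "fresh_count_differs": xor(ct1[:n], ct2[:n]) != xor(msg1[:n], msg2[:n]),
        "mac_bits": len(mac) * 8,
        "tamper_detected": f9(ik, 7, 0x1234ABCD, 0, forged) != mac,
    }


if __name__ == "__main__":
    print(demo())
```

The COUNT and FRESH inputs are what keep both modes safe across messages: f8 never repeats keystream as long as COUNT advances, and f9 binds the MAC to the connection (FRESH is chosen by the network per connection) so a MAC captured on one connection cannot be replayed on another.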
Toward 4G
• 4G represents the next generation in cellular communication
– ITU-R standard: 1Gbps fixed, 100Mbps @ 100kph
– WiMAX Release 2, LTE-Advanced
• WiMAX and LTE are not really 4G (they fall short of the ITU-R targets above)
• Verizon, Sprint, AT&T use LTE; T-Mobile, AT&T use HSPA+
• Most provide ~20Mbps fixed
4G Security Issues
• All-IP network ==> all IP-based threats apply
• Verification of users
• Heterogeneous network access
– User-preferred connection methods
– Multiple available connections:
• Attacker has more opportunity for exploit/attack
• Device is exposed to attacks on each connection
– Exploits based on driver code, comm protocols, transport / signaling, file-sharing, update, etc.
– Complex management systems are required
• ?
Some other attacks on mobile networks
SMS Flooding ==> Voice DoS
(diagram: two channel sequences between the BTS and a mobile X)
– SMS delivery: Paging X (PCH) → X Reply (RACH, random access channel) → Ch. Assign (AGCH, access grant channel) → SMS delivery (SDCCH, standalone dedicated control channel)
– Voice call: Paging X (PCH) → X Reply (RACH) → Ch. Assign (AGCH) → TCH Setup (SDCCH) → Voice traffic (TCH, traffic channel)
• Voice & SMS Resources
– TCH is not used for SMS
– Both SMS and voice init. use RACH, AGCH, and SDCCH
SMS flooding also works as DoS against voice calls!
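A small model of the contention the slide describes, added here as an example that is not from the original slides. It simulates one cell's SDCCH pool per second: SMS deliveries and voice-call setups each take one SDCCH for a hold time, and a request that finds no free SDCCH is blocked, so a voice call that is blocked here never reaches TCH assignment even though the TCHs are idle. The pool size (8, one SDCCH/8 timeslot), the hold times and the arrival rates are assumptions chosen for illustration; attacker SMS are processed before voice requests in each tick because the flood is continuous.

```python
def simulate_sdcch(seconds: int, sms_per_sec: int, voice_per_sec: int,
                   n_sdcch: int = 8, sms_hold: int = 4, voice_hold: int = 2) -> dict:
    """Discrete-time model of one cell's SDCCH pool (all parameters are assumed values).

    Each second, sms_per_sec SMS deliveries and voice_per_sec voice setups each ask for
    one SDCCH; an SMS occupies it for sms_hold seconds, a call setup for voice_hold
    seconds before moving on to a TCH. No free SDCCH means the request is blocked.
    TCHs are not modelled: the slide's point is that they are never the bottleneck here."""
    release = []                               # release times of the occupied SDCCHs
    stats = {"sms_ok": 0, "sms_blocked": 0, "voice_ok": 0, "voice_blocked": 0}
    for t in range(seconds):
        release = [r for r in release if r > t]    # free channels whose hold time ended
        for kind, n, hold in (("sms", sms_per_sec, sms_hold),
                              ("voice", voice_per_sec, voice_hold)):
            for _ in range(n):
                if len(release) < n_sdcch:
                    release.append(t + hold)
                    stats[kind + "_ok"] += 1
                else:
                    stats[kind + "_blocked"] += 1
    return stats


def voice_blocking_rate(stats: dict) -> float:
    """Fraction of voice-call setups that never got an SDCCH."""
    total = stats["voice_ok"] + stats["voice_blocked"]
    return stats["voice_blocked"] / total if total else 0.0


def sustainable_sms_rate(n_sdcch: int = 8, sms_hold: int = 4) -> float:
    """SMS deliveries per second the pool can absorb before it saturates (Little's law)."""
    return n_sdcch / sms_hold


if __name__ == "__main__":
    normal = simulate_sdcch(60, sms_per_sec=1, voice_per_sec=1)
    flood = simulate_sdcch(60, sms_per_sec=3, voice_per_sec=1)
    print("normal voice blocking:", voice_blocking_rate(normal))
    print("flood  voice blocking:", voice_blocking_rate(flood))
    print("SMS/s the cell can sustain:", sustainable_sms_rate())
```

With these numbers the cell sustains 2 SMS per second; a flood of 3 per second keeps the pool full, and from the third second on every voice setup in the cell is blocked while the TCHs stay empty.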
Rogue BTS
• An adversary can deploy a rogue BTS that spoofs / mimics a service provider to attract users
• Possible to launch a MitM attack on 2G/3G mobile connections
• Applies to GPRS, EDGE, UMTS, and HSPA capable devices (far easier for GPRS/EDGE devices: 2G has no network authentication, so the phone camps on the strongest matching signal, whereas a 3G device must first be forced to fall back to 2G)
• Cheap
• Difficult to detect, if done well
Setting up a Rogue BTS (see [Perez & Pico, BlackHat 2011])
What's coming next is going to get a lot more interesting
Spectrum Management
• Most current mobile networks use multiple dedicated channels for voice, data, text, etc.
(diagram: the same SMS and voice channel sequences as above, PCH → RACH → AGCH → SDCCH, plus TCH for voice traffic, each a separately dedicated channel)
Spectrum Agility
• Base stations and handsets can learn how spectrum is being used, so they can find gaps that are available between used “channels”
– This is the basic idea of cognitive and whitespace radio
How can radios coordinate to find available spectrum resources?
Opportunities for misbehavior? Cheating?
Risks of flexibility?
What if the core network disappears?
This will happen soon.
What if the access technology didn't matter?
This will change soon, too.
What if the access network became a compute platform?
Mobile fog computing
What if we incorporate computation into every element of the mobile network?
What if we allow network elements to collaborate and share info?
CROSSMobile: a radical agent-based approach to mobile networking that deeply integrates computing capabilities and proactive resource provisioning
– Possibility of software agent computing in every network element
– On-the-fly resource negotiation and allocation
– Deeply integrated support for metered pricing, customized service, context-aware networking, etc.
CROSSMobile Network
Fully operational (FCC-licensed) mobile network based on open-source tools
What are the risks of broad (though controlled) information sharing and cooperation across devices, domains, layers, etc.?
Additional risk of software-defined everything?
Apr 21: Discuss final deliverables; course wrap-up
Apr 26 & 28: Final presentations